]> git.ipfire.org Git - thirdparty/kernel/stable.git/commitdiff
projects / thirdparty / kernel / stable.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4c56d9f)
configs/hardening: Enable CONFIG_INIT_ON_FREE_DEFAULT_ON
authorKees Cook <kees@kernel.org>
Thu, 17 Jul 2025 23:25:18 +0000 (16:25 -0700)
committerKees Cook <kees@kernel.org>
Tue, 22 Jul 2025 04:41:57 +0000 (21:41 -0700)
To reduce stale data lifetimes, enable CONFIG_INIT_ON_FREE_DEFAULT_ON as
well. This matches the addition of CONFIG_STACKLEAK=y, which is doing
similar for stack memory.

Link: https://lore.kernel.org/r/20250717232519.2984886-13-kees@kernel.org
Signed-off-by: Kees Cook <kees@kernel.org>
kernel/configs/hardening.config patch | blob | blame | history

diff --git a/kernel/configs/hardening.config b/kernel/configs/hardening.config
index d24c2772d04d7f7444b04084c8764d95735b5b87..64caaf997fc08963a07d979d2a35fb0647acd713 100644 (file)
--- a/kernel/configs/hardening.config
+++ b/kernel/configs/hardening.config
@@ -60,6 +60,9 @@ CONFIG_LIST_HARDENED=y
 # Initialize all heap variables to zero on allocation.
 CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y
 
+# Initialize all heap variables to zero on free to reduce stale data lifetime.
+CONFIG_INIT_ON_FREE_DEFAULT_ON=y
+
 # Initialize all stack variables to zero on function entry.
 CONFIG_INIT_STACK_ALL_ZERO=y
 
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git